Mutual authentication with modified message authentication code
Abstract
Methods and devices for instructing a subscriber identity module in a cellular communications network to process non-standard authentication information in a standard manner are disclosed. One embodiment of a method comprises receiving a first message authentication code (MAC) and an authentication management field (AMF) at a subscriber identity module as part of an authentication protocol, calculating a second MAC and determining whether the second MAC is equivalent to the first MAC. If the first and second MAC are not equivalent, the SIM calculates a third MAC and determines whether the first MAC is equivalent to the third MAC, and if so, the subscriber identity module processes the AMF in a predefined or standard manner.
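The two-stage comparison described in the abstract, sketched as an added example that is not taken from the patent. The MAC is a stand-in (truncated HMAC-SHA256), and the key, RAND and SQN inputs, the way the second expected MAC differs from the first, and the reject outcome when neither MAC matches are all assumptions; the page names only the MAC and the AMF.

```python
import hashlib
import hmac

MAC_LEN = 8  # bytes; constructed value for this sketch


def expected_mac(key: bytes, variant: bytes, rand: bytes, sqn: bytes, amf: bytes) -> bytes:
    """Stand-in MAC (truncated HMAC-SHA256), not a network's real function.

    `variant` separates the first and second computations; how the second
    MAC differs is an assumption, the claims do not say.
    """
    # Length-prefix each field so field boundaries cannot be shifted.
    fields = b"".join(len(f).to_bytes(1, "big") + f for f in (variant, rand, sqn, amf))
    return hmac.new(key, fields, hashlib.sha256).digest()[:MAC_LEN]


def sim_check(key: bytes, rand: bytes, sqn: bytes, amf: bytes, received_mac: bytes) -> str:
    """Return which branch of the described method the SIM takes."""
    first = expected_mac(key, b"first", rand, sqn, amf)
    if hmac.compare_digest(first, received_mac):  # constant-time comparison
        # The page does not state the handling on this branch; report it only.
        return "first_match"
    second = expected_mac(key, b"second", rand, sqn, amf)
    if hmac.compare_digest(second, received_mac):
        # Described step: process the AMF in the predefined manner.
        return "second_match_process_amf_predefined"
    # Assumption: fail closed when neither expected MAC matches.
    return "reject"


# Constructed sample values (not from any real network or card).
KEY = bytes(range(16))
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")
SQN = bytes.fromhex("000000000021")
AMF = bytes.fromhex("8000")


def demo() -> list:
    mac_a = expected_mac(KEY, b"first", RAND, SQN, AMF)
    mac_b = expected_mac(KEY, b"second", RAND, SQN, AMF)
    return [
        sim_check(KEY, RAND, SQN, AMF, mac_a),                   # first MAC matches
        sim_check(KEY, RAND, SQN, AMF, mac_b),                   # second MAC matches
        sim_check(KEY, RAND, SQN, bytes.fromhex("0000"), mac_b), # AMF altered in transit
        sim_check(KEY, RAND, SQN, AMF, mac_b[:4]),               # truncated MAC
    ]


if __name__ == "__main__":
    print(demo())
```

Because the AMF is an input to both expected MACs in this sketch, an AMF altered in transit fails both comparisons and is never processed.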
15 Claims
1. A method of instructing a subscriber identity module in a cellular communications network to process authentication information, comprising:
- receiving authentication data at the subscriber identity module, said authentication data comprising a first message authentication code (MAC) and an authentication management field (AMF);
- computing a first expected MAC using at least a portion of said authentication data;
- comparing said first expected MAC to said first received MAC;
- computing a second expected MAC;
- comparing said second expected MAC to said first received MAC; and
- processing at least a portion of said AMF in a predefined manner when said second expected MAC and said first received MAC are the same.
Dependent claims: 2, 3, 4, 5

6. A method of instructing a subscriber identity module in a mobile communications network to process authentication information in a predefined manner, comprising:
- receiving one or more authentication data fields at the subscriber identity module, said authentication data fields comprising a first message authentication code (MAC) and an authentication management field (AMF);
- generating, in the subscriber identity module, a second MAC using one or more received authentication data fields, and comparing said second MAC to said first MAC;
- generating, in the subscriber identity module, a third MAC when said second MAC differs from said first MAC, wherein said third MAC is generated based on one or more received authentication data fields;
- determining whether said first MAC is the same as said third MAC; and
- processing at least a portion of said AMF in a predefined manner when said first MAC is the same as said third MAC.
Dependent claims: 7, 8

9. A mutual authentication system for instructing a subscriber identity module in a communications network to process authentication information, comprising:
- means for sending authentication data to a mobile station, said authentication data comprising a first message authentication code (MAC) and an authentication management field (AMF);
- means for receiving said authentication data at said mobile station;
- means for computing a first expected MAC using at least a portion of said authentication data;
- means for comparing said first expected MAC to said first received MAC;
- means for computing a second expected MAC;
- means for comparing said second expected MAC to said first received MAC; and
- means for processing at least a portion of said AMF in a predefined manner when said second expected MAC and said first received MAC are the same.
Dependent claims: 10, 11, 12

13. A subscriber identity module in a mobile communications network configured to process authentication information in a predefined manner, comprising:
- means for receiving one or more authentication data fields at the subscriber identity module, said authentication data fields comprising a first message authentication code (MAC) and an authentication management field (AMF);
- means for generating, in the subscriber identity module, a second MAC using one or more received authentication data fields, and means for comparing said second MAC to said first MAC;
- means for generating, in the subscriber identity module, a third MAC when said second MAC differs from said first MAC, wherein said third MAC is generated based on one or more received authentication data fields;
- means for determining whether said first MAC is the same as said third MAC; and
- means for processing at least a portion of said AMF in a predefined manner when said first MAC is the same as said third MAC.

14. A non-transitory computer-readable storage medium containing instructions stored thereon, which, when executed by a mutual authentication system for instructing a subscriber identity module in a communications network to process authentication information, causes the mutual authentication system to perform operations, the instructions comprising:
- program code to send authentication data to a mobile station, said authentication data comprising a first message authentication code (MAC) and an authentication management field (AMF);
- program code to receive said authentication data at said mobile station;
- program code to compute a first expected MAC using at least a portion of said authentication data;
- program code to compare said first expected MAC to said first received MAC;
- program code to compute a second expected MAC;
- program code to compare said second expected MAC to said first received MAC; and
- program code to process at least a portion of said AMF in a predefined manner when said second expected MAC and said first received MAC are the same.

15. A non-transitory computer-readable storage medium containing instructions stored thereon, which, when executed by a subscriber identity module in a mobile communications network configured to process authentication information in a predefined manner, cause the subscriber identity module to perform operations, the instructions comprising:
- program code to receive one or more authentication data fields at the subscriber identity module, said authentication data fields comprising a first message authentication code (MAC) and an authentication management field (AMF);
- program code to generate, in the subscriber identity module, a second MAC using one or more received authentication data fields, and program code to compare said second MAC to said first MAC;
- program code to generate, in the subscriber identity module, a third MAC when said second MAC differs from said first MAC, wherein said third MAC is generated based on one or more received authentication data fields; and
- program code to determine whether said first MAC is the same as said third MAC; and
- program code to process at least a portion of said AMF in a predefined manner when said first MAC is the same as said third MAC.